STATUTORY LAW 1266 OF 2008 
Official Gazette No. 47.219 of December 31, 2008
CONGRESS OF THE REPUBLIC
Whereby the general provisions of habeas data are dictated and the handling of the information contained in personal data bases is regulated, especially the financial, credit, commercial, service and third-country databases and other provisions are dictated.
Summary of Validity Notes
THE CONGRESS OF THE REPUBLIC
ARTICLE 1o. OBJECT. The purpose of this law is to develop the constitutional right that all persons have to know, update and rectify the information that has been collected about them in data banks, and the other rights, liberties and constitutional guarantees related to the collection, treatment and circulation of personal data referred to in article 15 of the Political Constitution, as well as the right to information established in article 20 of the Political Constitution, particularly in relation to financial and credit information, commercial, services and the originating from third countries.
ARTICLE 2o. AREA OF APPLICATION. This law applies to all personal information data registered in a data bank, whether they are administered by entities of a public or private nature.
This law will be applied without prejudice to special rules that provide for the confidentiality or reservation of certain data or information recorded in databases of public nature, for statistical purposes, investigation or punishment of crimes or to ensure public order.
Excepted from this law are the databases that aim to produce State Intelligence by the Administrative Department of Security, DAS, and the Public Force to guarantee internal and external national security.
The public records in charge of the chambers of commerce shall be governed exclusively by the rules and principles enshrined in the special regulations that regulate them.
Likewise, data kept in an exclusively personal or domestic environment and those that circulate internally, that is, that are not provided to other legal or natural persons, are excluded from the application of this law.
ARTICLE 3o. DEFINITIONS. For the purposes of this law, it is understood as:
a) Owner of the information. It is the natural or legal person to whom the information that rests in a data bank and subject to the right of habeas data and other rights and guarantees referred to in this law refers;
b) Information source. Is the person, entity or organization that receives or knows personal data of the holders of the information, by virtue of a commercial or service relationship or of any other nature and that, by reason of legal authorization or of the owner, provides such data to an information operator, which in turn will deliver them to the end user. If the source delivers the information directly to the users and not, through an operator, that will have the double status of source and operator and will assume the duties and responsibilities of both. The source of the information is the quality of the data provided to the operator which, as soon as it has access to and provides personal information of third parties, is subject to compliance with the duties and responsibilities foreseen to guarantee the protection of the rights of the owner of the information. data;
c) Information operator. The information operator is the name of the person, entity or organization that receives personal data about several holders of the information from the source, manages them and informs them of the users under the parameters of this law. Therefore, the operator, insofar as it has access to personal information of third parties, is subject to compliance with the duties and responsibilities envisaged to guarantee the protection of the rights of the owner of the data. Unless the operator is the same source of information, it has no commercial or service relationship with the owner and therefore is not responsible for the quality of the data provided by the source;
d) User. The user is the natural or legal person who, under the terms and circumstances provided in this law, can access personal information of one or more owners of the information provided by the operator or source, or directly by the owner of the information. information. The user, insofar as he has access to personal information of third parties, is subject to compliance with the duties and responsibilities envisaged to guarantee the protection of the rights of the owner of the data. In the case in which the user in turn delivers the information directly to an operator, that person will have the double condition of user